"Call it the vacuum-cleaner approach. It's employed when police have obtained a court order and an Internet service provider can't "isolate the particular person or IP address" because of technical constraints, says Paul Ohm, a former trial attorney at the Justice Department's Computer Crime and Intellectual Property Section. (An Internet protocol address is a series of digits that can identify an individual computer.)

That kind of full-pipe surveillance can record all Internet traffic, including Web browsing--or, optionally, only certain subsets such as all e-mail messages flowing through the network. Interception typically takes place inside an Internet provider's network at the junction point of a router or network switch.

The technique came to light at the Search & Seizure in the Digital Age symposium held at Stanford University's law school on Friday. Ohm, who is now a law professor at the University of Colorado at Boulder, and Richard Downing, a CCIPS assistant deputy chief, discussed it during the symposium.

In a telephone conversation afterward, Ohm said that full-pipe recording has become federal agents' default method for Internet surveillance. "You collect wherever you can on the (network) segment," he said. "If it happens to be the segment that has a lot of IP addresses, you don't throw away the other IP addresses. You do that after the fact."

"You intercept first and you use whatever filtering, data mining to get at the information about the person you're trying to monitor," he added.

On Monday, a Justice Department representative would not immediately answer questions about this kind of surveillance technique.

"What they're doing is even worse than Carnivore," said Kevin Bankston, a staff attorney at the Electronic Frontier Foundation who attended the Stanford event. "What they're doing is intercepting everyone and then choosing their targets." "